explicit permissions for APT GPG keys
continuous-integration/drone/push Build is passing Details

This commit is contained in:
Jérémy Lecour 2021-05-26 13:47:34 +02:00 committed by Jérémy Lecour
parent 2c47871fa7
commit 454d4c6d30
18 changed files with 42 additions and 0 deletions

View File

@ -14,6 +14,8 @@
dest: /etc/apt/trusted.gpg.d/reg.asc
force: yes
mode: "0644"
owner: root
group: root
tags:
- apt

View File

@ -33,6 +33,8 @@
dest: /etc/apt/trusted.gpg.d/docker-debian.asc
force: yes
mode: "0644"
owner: root
group: root
- name: Install docker and python-docker
apt:

View File

@ -23,6 +23,8 @@
dest: /etc/apt/trusted.gpg.d/elastic.asc
force: yes
mode: "0644"
owner: root
group: root
tags:
- elasticsearch
- packages

View File

@ -49,6 +49,8 @@
dest: /etc/apt/trusted.gpg.d/hpePublicKey2048_key1.asc
force: yes
mode: "0644"
owner: root
group: root
- name: Add HPE repository
apt_repository:
@ -114,6 +116,8 @@
dest: /etc/apt/trusted.gpg.d/hwraid.le-vert.net.asc
force: yes
mode: "0644"
owner: root
group: root
when: ansible_distribution_major_version is version('9', '>=')
- name: Add HW tool repository

View File

@ -23,6 +23,8 @@
dest: /etc/apt/trusted.gpg.d/elastic.asc
force: yes
mode: "0644"
owner: root
group: root
tags:
- filebeat
- packages

View File

@ -15,6 +15,8 @@
dest: /etc/apt/trusted.gpg.d/fluentd.asc
force: yes
mode: "0644"
owner: root
group: root
tags:
- packages
- fluentd

View File

@ -17,6 +17,8 @@
dest: /etc/apt/trusted.gpg.d/jenkins.asc
force: yes
mode: "0644"
owner: root
group: root
- name: Add jenkins APT repository
apt_repository:

View File

@ -23,6 +23,8 @@
dest: /etc/apt/trusted.gpg.d/elastic.asc
force: yes
mode: "0644"
owner: root
group: root
tags:
- kibana
- packages

View File

@ -23,6 +23,8 @@
dest: /etc/apt/trusted.gpg.d/elastic.asc
force: yes
mode: "0644"
owner: root
group: root
tags:
- logstash
- packages

View File

@ -21,12 +21,16 @@
src: reg.asc
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/reg.asc
mode: "0644"
owner: root
group: root
- name: copy packages.sury.org GPG Key
copy:
src: sury.gpg
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/sury.gpg
mode: "0644"
owner: root
group: root
- name: "{{ lxc_php_version }} - Update APT cache"
lxc_container:

View File

@ -23,6 +23,8 @@
dest: /etc/apt/trusted.gpg.d/elastic.asc
force: yes
mode: "0644"
owner: root
group: root
tags:
- metricbeat
- packages

View File

@ -12,6 +12,8 @@
dest: /etc/apt/trusted.gpg.d/mongodb-server-4.2.asc
force: yes
mode: "0644"
owner: root
group: root
- name: enable APT sources list
apt_repository:

View File

@ -12,6 +12,8 @@
dest: /etc/apt/trusted.gpg.d/newrelic.asc
force: yes
mode: "0644"
owner: root
group: root
- name: Install NewRelic repository
apt_repository:

View File

@ -23,6 +23,9 @@
copy:
src: nodesource.asc
dest: /etc/apt/trusted.gpg.d/nodesource.asc
mode: "0644"
owner: root
group: root
tags:
- system
- packages

View File

@ -15,6 +15,9 @@
copy:
src: yarnpkg.asc
dest: /etc/apt/trusted.gpg.d/yarnpkg.asc
mode: "0644"
owner: root
group: root
tags:
- system
- packages

View File

@ -15,6 +15,8 @@
dest: /etc/apt/trusted.gpg.d/percona.asc
force: yes
mode: "0644"
owner: root
group: root
- name: Check if percona-release is installed
shell: "set -o pipefail && dpkg -l percona-release 2> /dev/null | grep -q -E '^(i|h)i'"

View File

@ -5,6 +5,8 @@
url: https://packages.sury.org/php/apt.gpg
dest: /etc/apt/trusted.gpg.d/sury.gpg
mode: "0644"
owner: root
group: root
- name: Setup deb.sury.org repository - Install apt-transport-https
apt:

View File

@ -25,6 +25,8 @@
dest: /etc/apt/trusted.gpg.d/pgdg.asc
force: yes
mode: "0644"
owner: root
group: root
- name: Update and upgrade apt packages for PGDG repository
apt: